unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
davidtube
Forum Commoner
Posts: 79
Joined: Sun Mar 25, 2007 8:42 pm

unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'

Post by davidtube »

Sorry, I'm probably missing something obvious but I've been looking at this for ages and can't work out what's wrong. Can anyone spot it?

Code: Select all

$query = mysql_query("INSERT INTO members (Name, EmailContact, CompanyName, WebsiteAddress, EmailDisplay, PhoneNumber, Area, description, LinkLocation, Date) VALUES ('$_POST[name]', '$_POST[e-mail]', '$_POST[companyname]', '$_POST[websiteaddress]', '$_POST[emailaddress]', '$_POST[phonenumber]', '$_POST[county]', '$_POST[description]', '$_POST[linkulr]', '$mysqldate')") or die(mysql_error());
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'

Post by Zoxive »

Code: Select all

$query = mysql_query("
INSERT INTO members (Name, EmailContact, CompanyName, WebsiteAddress, EmailDisplay, PhoneNumber, Area, description, LinkLocation, Date)
VALUES (
'{$_POST['name']}', 
'{$_POST['e-mail']}', 
'{$_POST['companyname']}', 
'{$_POST['websiteaddress']}', 
'{$_POST['emailaddress']}', 
'{$_POST['phonenumber']}', 
'{$_POST['county']}', 
'{$_POST['description']}', 
'{$_POST['linkulr']}', 
'{$mysqldate}'
)
") or die(mysql_error());
{} help the parser to know what is part of the variable.

Your script is very insecure however, there is no validation, or escaping present. An attacker could easily do some nasty things.
davidtube
Forum Commoner
Posts: 79
Joined: Sun Mar 25, 2007 8:42 pm

Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'

Post by davidtube »

Great you've fixed it. Thanks. I've never used {} in sql before. I don't understand why I needed it for this.
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'

Post by Zoxive »

davidtube wrote:Great you've fixed it. Thanks. I've never used {} in sql before. I don't understand why I needed it for this.
Its not, its for PHP to make the String for Mysql.
Example from Php.net wrote:

Code: Select all

<?php
$beer = 'Heineken';
echo "$beer's taste is great"; // works; "'" is an invalid character for variable names
echo "He drank some $beers";   // won't work; 's' is a valid character for variable names
echo "He drank some ${beer}s"; // works
echo "He drank some {$beer}s"; // works
?>
davidtube
Forum Commoner
Posts: 79
Joined: Sun Mar 25, 2007 8:42 pm

Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'

Post by davidtube »

Thanks, I nearly understand it.
Post Reply